Friday 19 June 2026 11:52 am
Professional services firms, particularly law firms, are the “current flavour of the month” for cyberattacks, driven by the valuable client information the sector guards.
Speaking to City AM, Holly Waszak, head of cyber claims advocacy at Marsh, said: “We’re seeing insurers come to us with law firms on their books, and they are trying to engage with clients as much as possible to forewarn them.”
Due to the nature of the work professional services firms carry out, they are seen as high‑value, information‑rich targets for cybercriminals. Firms hold all sorts of highly confidential information on file for clients, from M&A deals and trade secrets to contentious employment matters, exposing firms of all sizes to these threats.
Waszak highlighted that, because of this sensitive information, groups such as the ‘silent ransom’ collective, which includes Luna Moth and Chatty Spider, focus on quiet data theft rather than noisy encryption.
“They are using phishing tactics… so, calling these kinds of employees, partners, saying ‘we really need to access your computer, it’s your IT help desk support, can you give me remote access’.”
“Once they’ve got that access, they are immediately exfiltrating data, and they’re not bothering with deploying ransomware or encrypting data. They are simply exfiltrating whatever they can… then working out what they’ve got, and then extorting their victims, such as ‘we have all of this data from your clients, and you do not want this to be leaked, so here is our demand’,” she added.
This isn’t a new attack for law firms. Back in 2023, magic circle firm Allen & Overy (now A&O Shearman) was targeted by the notorious LockBit ransomware group, which threatened to leak data stolen from a small number of the firm’s storage servers. Most recently, Stewarts Law reported incidents in which criminals impersonated the firm, sending fraudulent emails and faxes to the public to exploit its brand identity.
Firms urged to focus on incident response plans
For firms, the question is no longer whether they will be targeted, but how well they respond when they are. Waszak describes it as “not a matter of when, it’s if, and response is key”.
Leaders are urged to develop incident response plans that name decision‑makers, insurers, forensic providers, external counsel, and PR advisers, and that are rehearsed. “The incident response plan isn’t a stale document on a shelf,” she warned; tabletop exercises are essential to “flex those muscles”.
Waszak also argued that culture is as important as controls, as staff have to feel safe admitting a mistake quickly: “Anyone could do it, anyone can make that mistake,” she says, but the real danger is when employees stay silent and “threat actors can lurk on the systems for months”.
Last year, the headlines were lit up by cyberattacks targeting the most notable businesses on the high street, including M&S. This led to a wave of boardrooms shifting their attitudes towards cyber security, sparking demand for insurance coverage.



